1. Ubuntu Security Notices
  2. USN-7137-1

USN-7137-1: recutils vulnerabilities

Publication date

4 December 2024

Overview

recutils could be made to crash or run programs as a login user if a specially crafted file was opened.

Releases

Packages

  • recutils - text-based databases called recfiles

Details

It was discovered that recutils incorrectly handled memory when parsing
comments with the recparser utility. An attacker could possibly use this
issue to cause a denial of service or run arbitrary commands.
(CVE-2021-46019, CVE-2021-46021, CVE-2021-46022)

It was discovered that recutils incorrectly handled memory when parsing CSV
files. An attacker could possibly use this issue to cause a denial of
service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638,
CVE-2019-11639, CVE-2019-11640)

It was discovered that recutils incorrectly handled memory when parsing
maliciously crafted recfiles. An attacker could possibly use this issue to
cause a denial of...

It was discovered that recutils incorrectly handled memory when parsing
comments with the recparser utility. An attacker could possibly use this
issue to cause a denial of service or run arbitrary commands.
(CVE-2021-46019, CVE-2021-46021, CVE-2021-46022)

It was discovered that recutils incorrectly handled memory when parsing CSV
files. An attacker could possibly use this issue to cause a denial of
service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638,
CVE-2019-11639, CVE-2019-11640)

It was discovered that recutils incorrectly handled memory when parsing
maliciously crafted recfiles. An attacker could possibly use this issue to
cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457,
CVE-2019-6458, CVE-2019-6459, CVE-2019-6460)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 jammy librec1 –  1.8-1ubuntu0.22.04.1~esm1  
recutils –  1.8-1ubuntu0.22.04.1~esm1  
20.04 focal librec1 –  1.8-1ubuntu0.20.04.1~esm1  
recutils –  1.8-1ubuntu0.20.04.1~esm1  
18.04 bionic librec1 –  1.7-2ubuntu0.1~esm1  
recutils –  1.7-2ubuntu0.1~esm1  
16.04 xenial librec1 –  1.7-1ubuntu0.1~esm1  
recutils –  1.7-1ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›